Pinned toot

The NCSC and the NSA just confirmed that Turla 🇷🇺 compromised the APT34 operational infrastructure deeply enough to own all or most of their C2 (aka Oilrig 🇮🇷)

"Director of Cybercrime"

Does this mean you're the gang leader in cybercrime? 🤔

Midnight threat intel idea: buy servers at provider X known to host APT Y C2 infrastructure. Do data carving to find tools, keys and other goodies from APT Y. 🤔🤫

I think EDR should be more of a thing for mobile devices. It’s mostly unexploited territory.

Turla showing us some cool tricks here: marking a host’s encrypted outgoing TLS to uniquely identify victims via SIGINT, and this without touching the network, but by patching the browser’s crypto code

Ah nevermind, it was already kind of burned. But AFAIK it’s the first time I publicly see someone attributing the Lamberts to the CIA (which tbh, shouldn’t come as a surprise to many)

Someone making sure he's the only one capable to exploit the vBulletin vulnerability by patching the code and adding a password to the condition, smart move (misleading title if you ask me)

It means we’re actually increasing the cost of an attack: they are now being constrained with opsec procedures (specific toolsets, unique TTPs, etc.), when they want it to be "clean" at least.

The French CERT (@ANSSI_FR) is releasing DFIR ORC, a modular and scalable tool to collect artefacts on Windows systems

Interesting, some people have been targeting whistleblowers at the early stage w/ fake SecureDrop onion websites

A vendor should be agnostic about this kind of crap. I just think it’s a very poorly worded statement. That’s all. Don’t overanalyze this.

To be honest, I don’t think the fact a particular vuln has been used to target this or that is relevent here. Don’t blame Apple for that, blame the threat actor abusing the bug.

The chinese hedgehog strategy: it’s the bitter bit (tel est pris qui croyait prendre en Français)

Apple probably have the internal tools to do some great threat hunting at scale w/o invading users privacy. I truly hope they do... or let’s hope they seize this "opportunity" now

And I agree that the homogenous ecosystem makes it easy for a "1 vuln to rule them all" exploit, but it also makes it easier for Apple to remediate ongoing campaigns targeting their devices.

Show more

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!